Cyware Daily Threat Intelligence November 13, 2017

Top Malware Reported in the Last 24 Hours
Cobra Crysis variant
Security researchers have discovered a new variant of Cobra Crysis ransomware that appends the .cobra extension to encrypted user files. Once installed, this variant scans the computer for data files and encrypts them. Users are advised to back up their files regularly.

New Locky ransomware strain
A newly discovered strain of Locky ransomware has been found to be masquerading as legitimate Microsoft Word documents. The malware collects information about the operating system and sends it — encrypted — to the command-and-control server and retrieves the encryption key.

Top Vulnerabilities Reported in the Last 24 Hours
Flawed LG gadgets
Security researchers have found that an LG app lets hackers hijack household gadgets and transform them into spying devices. What’s even more surprising is that the flaw impacts a range of household gadgets installed in users' personal spaces, such as kitchens and bedrooms.

AVGater vulnerability
Hackers have found a way to abuse the quarantine feature present in most of the popular antivirus systems. The attack starts with a malicious DLL file being placed into quarantine by the antivirus software. Then the attacker abuses the security application’s Windows process, which typically has SYSTEM permissions, to restore the file. The malicious DLL is restored to a different folder from which a privileged process is launched.

Top Breaches Reported in the Last 24 Hours
Amaq hacked
A group of ISIS sympathizers, dubbed Di5s3nSiON, hacked the Islamic State-affiliated Amaq news agency. The agency was used for propaganda and to share news related to the activities of the radical group. In addition, the news agency warned that visitors were being prompted to download a malicious Flash Player file.

Fasten data breach
In yet another startling data breach, the personal and financial data of over a million users was accidentally exposed by the US-based ride-hailing firm Fasten. Sensitive data related to its own drivers was also exposed by the firm. The publicly exposed data includes names, email addresses, mobile numbers, credit card records, hyperlinks to pictures, machine IMEI numbers, GPS records and clients’ taxi routes.

LBPS on a counterattack
London Bridge Plastic Surgery (LBPS), a high-profile group of plastic surgeons based in London, caters to a number of celebrity clients. It is now trying to fight back against the hackers who stole some sensitive photos of its elite customers. Adopting such tactics is not yet permitted in the UK, although several law enforcement agencies are using similar tactics.


